Bug 270380 - security/strongswan TLS 1.2 in EAP-TLS plugin broken in 5.9.10
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Fernando Apesteguía
Reported: 2023-03-21 08:36 UTC by Andrey Kiryanov
Modified: 2023-03-29 12:52 UTC
fernape: maintainer-feedback? (strongswan)


Attachments
Patch to fix TLS1.2 plugin (1.15 KB, patch)
2023-03-29 08:04 UTC, Fernando Apesteguía
strongswan: maintainer-approval+
Description Andrey Kiryanov 2023-03-21 08:36:33 UTC
TLS 1.3 changes in strongswan 5.9.10 EAP-TLS plugin broke TLS 1.2 clients like iOS devices.

reference:
https://github.com/strongswan/strongswan/discussions/1613

patch:
https://github.com/strongswan/strongswan/compare/master...eap-tls-fix.patch
Comment 1 Tobias Brunner 2023-03-24 07:44:30 UTC
Note that the fix is now in master:

https://github.com/strongswan/strongswan/commit/3d0d3f5d028a0c630f89cb4fec5b2cd5364f568b
Comment 2 Fernando Apesteguía freebsd_committer freebsd_triage 2023-03-29 08:04:57 UTC
Created attachment 241177
Patch to fix TLS1.2 plugin

Could you try this patch and come back with some feedback?

Thanks!
Comment 3 Andrey Kiryanov 2023-03-29 08:44:03 UTC
Comment on attachment 241177
Patch to fix TLS1.2 plugin

Hi Fernando,

The patch works well, thanks! I can connect from my iPhone without issues now.
Comment 4 Francois ten Krooden 2023-03-29 11:04:04 UTC
Happy with the patch.
Comment 5 Fernando Apesteguía freebsd_committer freebsd_triage 2023-03-29 12:52:31 UTC
Committed,

Thanks!
Comment 6 commit-hook freebsd_committer freebsd_triage 2023-03-29 12:52:31 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=e27bfba4d7fa645b5aad5ebfa66a46a108247814

commit e27bfba4d7fa645b5aad5ebfa66a46a108247814
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2023-03-29 07:16:01 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-03-29 12:47:31 +0000

    security/strongswan: Fix  TLS 1.2 in EAP-TLS plugin

    Cherry pick commit from upstream.

    PR:             270380
    Reported by:    dronmbi@gtn.ru
    Approved by:    strongswan@Nanoteq.com (maintainer)

 security/strongswan/Makefile | 3 +++
 security/strongswan/distinfo | 4 +++-
 2 files changed, 6 insertions(+), 1 deletion(-)